Archive for the ‘Data Security’ category

Air-con glitch cripples data center of major Australian Bank

May 5th, 2011

An interesting article out of Australia about how an air-con glitch shut down a major bank’s data center.

The problem was triggered by an air-conditioning problem at a data centre, which had triggered the meltdown of the banking website and some cash withdrawal facilities, said Westpac spokesperson Jane Counsel.

“In really basic terms, at one of the data centres that hosts customer transactions systems, a problem triggered the air-conditioning to turn off and when systems get to a certain temperature they shut down,” said Ms Counsel.

“So it just happened to be the infrastructure [problems that have affected our] main service channels.”

With so much talk about moving to the cloud, ask your providers/vendors about the systems that will be triggered in such an event (or any weather-related event such as a tornado/flood).

The purpose of this post is not to alarm you, and don’t let it derail your shift to the cloud. But be aware, it can and does happen - Westpac Bank is one of Australia’s largest banks. Get familiar and comfortable with their disaster recovery plan. Some might try to blow it off as a non-issue, but knowing their procedures and systems will certainly give you confidence in their ability to either keep you online or get you back up and running as quickly as possible.

Read the full article.


Is the iPad a Security Risk?

February 1st, 2011

A 2020 Group USA member in Portland (OR) sent an interesting article featuring an interview with US District Attorney for Oregon Dwight Holder. Two interesting questions came from the security/terrorism discussion regarding how secure the iPad is.

Is cybercrime on your radar?

Sure. I got an email right before Christmas from the mother ship [U.S. Attorney General Eric Holder] saying, essentially, don’t use iPads, don’t forward email to iPads, don’t take notes using iPads because they’re a security risk. I didn’t tell my wife. And, unfortunately, she got me an iPad for Christmas, which is [now] a very lovely and expensive gaming platform for my 6-year-old.

But the implication is the iPad is more of a security risk than a laptop?

That’s what my security folks think. And they say quit whining. People can mine information off these things in a way…because they are so connected. In part it’s because it’s so tempting to put everything on there in a way that everything might not be on your laptop.

Read the full article

Is iPad security on your radar? Let us know what you think and link to any articles which may be useful.

Here are a couple of tips we found online to keep your iPad secure. Some seem more obvious than others.

Lock your iPad

This is basic security that’s free and easy, and that too many iPad/smartphone users don’t employ. Tap the “Settings” icon on the home screen and then select “General” and “Passcode Lock.” Then set the four-digit PIN to unlock your iPad when you turn it on or wake it up.

Choose an interval of time of inactivity before it will ask for the code again. As a general rule, the shorter the interval the better. Another security feature you can set is to erase all data if someone enters the wrong code 10 times. Fear not, if you cause the erasure, you can always restore your information by syncing with your computer. A code won’t necessarily stop a thief from accessing content on your device by connecting it to a computer, but it may be enough of a deterrent.

Think also about a physical case and lock to keep prying eyes out.

Source: Techworld

Work on trusted WiFi networks

In far too many cases, WiFi connections on unprotected networks just aren’t as safe as they should be. And although it’s more difficult for folks to access information on an iPad than on, say, a Windows PC, sending sensitive information over that network can be dangerous. Once again, the iPad is little more than a newly designed computer. So maybe online shopping on your iPad is not as safe as it seems.

Source: e-week

Find or disable a lost or stolen device

Apple’s MobileMe service has a feature called “Find My iPad” (or iPhone) that can help users locate a lost device.

Using your computer, sign up for MobileMe and activate the feature by logging into your account and following the on-screen instructions to see the approximate location of your lost property on a map.

If you discover that you left it at a bar, say, you can remotely set a four-digit passcode and lock it (if you haven’t already) by clicking “Remote Lock.” Then you can write a message that will be displayed on the screen to whoever may have found it — like,  “Oops! Left my expensive, coveted iPad at your bar. Please call me at xxx-xxx-xxxx. Coming to pick it up now!” — even if it is locked.

If you go to the bar and get blank looks, have MobileMe override the ringer volume or silent setting and play a sound to help you locate the device. If all these efforts fail, you can click “Remote Wipe” to return the device to its factory settings and remove all your content.

Source: New York Times

And last but not least:

Use complex passwords and change them often.

Tips for passwords:

Use combinations of upper and lower case.

Use non-alphanumeric characters to represent alphanumeric characters. For example, substitute ! for i, @ for a, and 3 for e.


Are You Exchanging Files with Your Clients Securely?

January 26th, 2011

On January 28, California will ‘celebrate’ Data Privacy Day, which is a timely reminder given the amount of data that will be exchanged between you and your clients over tax season. 

Do you know where your state stands on data protection?

At one extreme, Nevada and Massachusetts have very specific legislation. For example in MA, CMR 17.03 states:

“Every person that owns or licenses personal information about a resident of the Commonwealth shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate…”

And CMR 17.04: 

“Every person that owns or licenses personal information about a resident of the Commonwealth and electronically stores or transmits such information shall include in its written, comprehensive information security program the establishment and maintenance of a security system covering its computers, including any wireless system, that, at a minimum, and to the extent technically feasible, shall have the following elements:”

“…(3) Encryption of all transmitted records and files containing personal information that will travel across public networks, and encryption of all data containing personal information to be transmitted wirelessly…

…(5) Encryption of all personal information stored on laptops or other portable devices;”

California is an interesting beast. Section 1798.81.5 of the Civil Code states:

“…(b) A business that owns or licenses personal information about a California resident shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure.”

While it doesn’t define reasonable measures above, it does say what must happen in the event of data loss or theft of unencrypted information. Section 1798.82 of Civil Code states,

“Any agency, or a person or business that conducts business in California, that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.” 

All but Alabama, Kentucky, New Mexico and South Dakota have security breach laws which outline the steps that must be taken in the event of a data theft or loss.

Click here to find out about your state’s legislation.

In the 2020 Audio CD CyberSecurity and Your Accounting Firm, the experts we interviewed at Stratagema estimated the cost per incident to be $250 per client. And this is just fulfilling the notification requirements. It doesn’t take into account any legal action that might result from the security breach, or the damage to your reputation.

In my opinion, regardless of your state’s stance on the issue, it’s not worth it. When it comes to data protection, I think nothing short of best practices is in order. The tools that enable secure document exchange and storage are inexpensive and easy to operate.

There are a number of options for secure data exchange: 

  1. Utilize a portal. A portal is a permanent, secure, web-based location where documents can be stored;
  2. Redact personally identifiable information before it is transmitted; or,
  3. Encrypt files before sending them.

In our office, we use a combination of all 3 depending on the client. Some of our clients prefer the portal (supplied by Acct1st). Inside the portal we store any number of documents, which gives our clients secure, 24/7 access to them. Clients can also upload documents such as W2s and K1s, which helps keep our office paperless.

We can also redact particular information. Redaction is NOT taking a Sharpie to a document; specific software is required to properly redact a document. We use Adobe Acrobat Standard (not Reader). You can purchase inexpensive Acrobat licenses here.

In some instances we’ll never be able to move clients away from email. For these clients we make sure all files are encrypted before they are sent. There are many encryption tools available, some easier to use than others. For example, Adobe Standard has this feature, but it is a tool for 1-way traffic, that is, encrypted emails from your office. But what about files with personally identifiable information coming from your clients?

We prefer setting up our clients on CPA Safemail by Cpaperless. This simple Outlook add-in allows you to right-click a file and encrypt it before you send it to Outlook. You can create a password for the recipient, or you can allow them to create their own account (and password), which will allow them to send files back to you securely.

Finally, if data leaves the office in a zip drive storage device or on a laptop, make sure it is encrypted.

Please don’t hesitate to email any questions you have about this topic – I think the stakes are too high to make a mistake.

2020 Premium Members get preferred pricing at Acct1st and Cpaperless.
Contact Andrew Hatfield at Acct1st on (888) 790-7045 x 708 ahatfield@acct1st.com

Contact Steve Dusablon at Cpaperless at (800) 716-2558 x 110  steve.dusablon@cpaperless.com
